So, I've read that most printers save the files they print/scan and I was trying to see if that's the case with our work printers. Is there a tool to let me access these files?
Asked
Active
Viewed 9,120 times
3 Answers
4
Everything that I've read and news reports I've seen about this problem seems to indicate that dismantling the machine and removing the hard disk drive is the best way to get to the data. If you're doing a pen-test I'd say that it's fairly unlikely that the Customer is going to let you tear their photocopier apart.
Presumably there are vulnerabilities in many copiers' operating systems that would permit access to the hard disk drive, but it may go well beyond the level of a simple pen-test to develop software to exploit these sorts of vulnerabilities. If that's something that interests you then you may want to start investigating the various OS's and embedded platforms used in copiers, serarching for vulnerabilities, and developing exploits to get at the data. You might well be able to make a name for yourself...
Evan Anderson
- 141,071
- 19
- 191
- 328
-
From http://www.computerworld.com/s/article/print/277746/Smart_Printers_Scary_Printers - "At the Black Hat conference in Las Vegas in August, O’Connor delivered a blow-by-blow presentation on how to bypass authentication, inject commands at the root level and create shell code to take over printers in Xerox Corp.’s WorkCentre line of printers, which run on Linux operating systems. " I'm just taking my first baby steps in sec and pentests, but since most printers everywhere are left with default configs and store sensitive data, I assumed there would already be a way to test/exploit this... – Jul 19 '10 at 16:47
-
@Penetrator: My experience is that many printers don't run as fully-feature of an operating system as Linux. Certainly, though, the higher-end printers (Xerox, Ricoh, Canon, etc) are more apt to be running general-purpose OS's. I wouldn't be surprised if there are goodly numbers of command injection bugs in the various web-based interfaces on a lot of higher-end machines. That's probably the first place I'd look, along w/ fingerprinting the OS and daemons running on the machine and looking for known vulnerabilities. – Evan Anderson Jul 19 '10 at 16:51
0
Talk to your vendor sales or support rep.
I'm pretty sure that most Xerox devices in this range automatically encrypt and overwrite data. You may have to purchase an additional license.
duffbeer703
- 20,077
- 4
- 30
- 39
-
Could you explain the license issue? What's the default behaviour if such a license doesn't exist? – Jul 19 '10 at 16:48
-
The Xerox collateral mentions a "Data Security Kit". I don't know whether you have to pay extra for that or not. My employer has required encryption for a few years now, so I'm not sure whether it is an added cost or not. – duffbeer703 Jul 19 '10 at 16:59
0
At least with older Xerox printers there were a variety of Postscript operations available for interacting with the local filesystem...you could use this by submitting the appropriate print job to the printer, or possibly through an interactive telnet session. Look at the "File operators" section in chapter 8 of the Postscript Language Reference Manual.
Of particular interest may be the filenameforall operator, which will execute a block of code for each filename matching a pattern...this is a great way to write your own version of the ls command.
At one point I had some tools for connecting to the printer via telnet and dumping the contents of all the files (and then splitting them apart on the receiving end). I think they've been lost after some job and hardware changes, but it's definitely possible.
EDIT: Section 7.4.2 of the MIME RFC is also interesting from a security perspective w/r/t Postscript printers.
larsks
- 41,276
- 13
- 117
- 170